a0bd1ab5046c46ecb58ffcf3869b7f9f4b2a12b88b0d5abf2d5df9c454eeb86e

Sharing

Copy URL Twitter E-mail

General

Target

a0bd1ab5046c46ecb58ffcf3869b7f9f4b2a12b88b0d5abf2d5df9c454eeb86e
Size

216KB
MD5

33245af8edf2bfc354d8806947a0593d
SHA1

58a6ffef054354fc4657eb44e8f02d4a299fe41a
SHA256

a0bd1ab5046c46ecb58ffcf3869b7f9f4b2a12b88b0d5abf2d5df9c454eeb86e
SHA512

8ce6159392e96dad7ff5603576c250dce61ce93c7db0a080d17eefea442033a48354c76aa992a0509d1bedb7d8c947463f1eae3851b6913a0e24ffa6a16a1f95
SSDEEP

3072:bI397iOD0XCZYPSbRToMqqDLy/hdDpqsY8Oo27Jb:ct7zDLuPSbJDqqDLuhVY8Oo27J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a0bd1ab5046c46ecb58ffcf3869b7f9f4b2a12b88b0d5abf2d5df9c454eeb86e

Files

a0bd1ab5046c46ecb58ffcf3869b7f9f4b2a12b88b0d5abf2d5df9c454eeb86e
.exe windows:5 windows x64

a0f5f677744c4be2270a02b4915df044

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mfc90u

ord3902
ord6423
ord1553
ord2226
ord2233
ord2470
ord2452
ord2450
ord2468
ord2480
ord2457
ord2473
ord2478
ord2461
ord2463
ord2465
ord2459
ord2475
ord2455
ord949
ord945
ord947
ord943
ord938
ord5365
ord5367
ord6101
ord1635
ord4393
ord4843
ord3494
ord5346
ord4294
ord6421
ord5201
ord1954
ord5284
ord4345
ord1430
ord4048
ord1658
ord1661
ord6056
ord3137
ord1578
ord2136
ord4205
ord1514
ord1977
ord1080
ord1335
ord2230
ord3405
ord4355
ord1623
ord1690
ord2437
ord777
ord266
ord362
ord3269
ord4373
ord5335
ord1429
ord6053
ord3257
ord1582
ord1713
ord1714
ord4699
ord5013
ord4856
ord4322
ord5314
ord3740
ord1837
ord1919
ord1840
ord1926
ord1938
ord4871
ord722
ord512
ord6209
ord2218
ord2722
ord6381
ord789
ord3173
ord642
ord2068
ord393
ord286
ord1519
ord285
ord3008
ord6425
ord4139
ord2326
ord6319
ord1634
ord280
ord1469
ord643
ord2336
ord394
ord641
ord1468
ord5217
ord392
ord3141
ord290
ord1215
ord1211
ord2184
ord887
ord2975
ord6259
ord6432
ord1237
ord2364
ord4035
ord287
ord291
ord5449
ord1185
ord1309
ord440
ord916
ord6320
ord265
ord583
ord1949
ord2436
ord1103
ord1205
ord2314
ord310
ord1071
ord1149
ord589
ord2067
ord2303
ord602
ord753
ord617
ord772
ord4145
ord4121
ord6422
ord3901
ord6424
ord4438
ord2110
ord2065
ord5713
ord3906
ord1025
ord5230
ord6363
ord5511
ord3932
ord1966
ord3005
ord5356
ord5358
ord4050
ord4687
ord5362
ord5345
ord5696
ord2602
ord2797
ord2904
ord4419
ord2780
ord2907
ord2605
ord2711
ord2598
ord3818
ord3819
ord3809
ord2709
ord4051
ord4596
ord4372
ord3424
ord577
ord4658
ord3783
ord5568
ord3436
ord5093
ord6027
ord3014
ord1389
ord5307
ord2010
ord1699
ord2973
ord1698
ord1473
ord588
ord2378
ord378
ord5801
ord630
ord441
ord323
ord1463
ord5332
ord2932
ord3073
ord4191
ord4601
ord2981
ord2016
ord595
ord680
ord791
ord3343
ord296
ord6147
ord1209
ord6144
ord6149
ord6143
ord3135
ord779
ord1233

msvcr90

_encode_pointer
free
calloc
memset
malloc
_wtoi
memcpy
_amsg_exit
__wgetmainargs
__C_specific_handler
_CxxThrowException
__crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
__CxxFrameHandler3
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_cexit
_exit
_XcptFilter

kernel32

RemoveDirectoryW
GetLastError
FreeLibrary
GetProcAddress
FindFirstFileW
SetFileAttributesW
DeleteFileW
FindNextFileW
FindClose
WinExec
HeapFree
lstrlenW
GetProcessHeap
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
SetEnvironmentVariableW
Sleep
LoadLibraryW

user32

LoadIconW
EnableWindow
GetClientRect
IsIconic
GetSystemMenu
SendMessageW
AppendMenuW
DrawIcon
GetSystemMetrics

advapi32

RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyW
RegOpenKeyExW

shell32

SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc

ole32

OleRun
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantChangeType
VariantClear
VariantInit
SetErrorInfo
CreateErrorInfo
GetErrorInfo

Sections

.text
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a0f5f677744c4be2270a02b4915df044

Headers

DLL Characteristics

File Characteristics

Imports

mfc90u

msvcr90

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 105KB - Virtual size: 105KB

.rdata Size: 38KB - Virtual size: 38KB

.data Size: 16KB - Virtual size: 18KB

.pdata Size: 7KB - Virtual size: 6KB

.idata Size: 10KB - Virtual size: 9KB

.rsrc Size: 37KB - Virtual size: 37KB

.text
Size: 105KB - Virtual size: 105KB

.rdata
Size: 38KB - Virtual size: 38KB

.data
Size: 16KB - Virtual size: 18KB

.pdata
Size: 7KB - Virtual size: 6KB

.idata
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 37KB - Virtual size: 37KB